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Abstract 



Some geometry on non-singular cubic curves, mainly over finite fields, is surveyed. 
psj I Such a curve has 9, 3, 1 or points of inflexion, and cubic curves are classified ac- 

cordingly. The group structure and the possible numbers of rational points are also 
p^ . surveyed. A possible strengthening of the security of elliptic curve cryptography is 

^ I proposed using a 'shared secret' related to the group law. Cubic curves are also used 

in a new way to construct sets of points having various combinatorial and geometric 
properties that are of particular interest in finite Desarguesian planes. 
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In cryptography, the following views of an elliptic curve over a particular field K are com- 
mon: 

(i) a curve of genus 1; 

- ^ ■ (ii) a plane non-singular cubic curve; 

>< 
j^ ■ (iii) a plane non-singular cubic curve with an inflexion; 

(iv) {(x, y) \ y'^ = x^ + ax + b}. 

In this paper (iii) is used; for many fields, it is equivalent to (iv). 

However, to perform elliptic curve cryptography (ECC) on a non-singular cubic curve 
it is really not necessary to assume that the curve has an inflexion. This then widens the 
choice of the curve that is used for the encryption. If only non-singular cubics with more 
than one inflexion point are considered then, since an inflexion point other than the zero 
has order 3 and the order of a subgroup divides the order of the group, this restricts to 
curves whose group size is divisible by 3. 

Given two irreducible curves C, V, an isomorphism from C to 25 is an invertible poly- 
nomial transformation; it induces an isomorphism of their function fields. A non-singular 



cubic curve is isomorphic to one containing at least one inflexion point; see, for example, 
[6l Section 7.10]. Two non-singular cubics, both with at least one inflexion, are isomorphic 
if and only if there is a projective transformation between them. So to classify non-singular 
cubics up to isomorphism is equivalent to classifying non-singular cubics with an inflexion 
up to projective transformation. 

Given a non-singular cubic with an inflexion, when the field K has characteristic other 
than two, co-ordinates may be chosen so that the line at infinity contains an inflexion point 
and the curve is normalised to the form y'^ = f{x), where / has degree 3. Canonical forms 
for these cubics are given in Section 16.31 However, there do exist non-singular cubic curves 
having no inflexion point; see Section l674l 

Also, in this paper, a modification of the usual version of elliptic curve cryptography 
is suggested. Suppose two parties A and B are establishing a secret key using elliptic 
curve cryptography. They are working with a given cubic curve C; it may be singular or 
non-singular and it may or may not have an inflexion. It may also be noted that elliptic 
curve cryptography may be carried out over any finite field using any cubic curve. In the 
usual version of elliptic curve cryptography, the line at infinity is a tangent at the inflexion 
O = (0 : 1 : 0). The identity element for the group structure is always chosen to be the 
inflexion point O. In the proposed variation, A and B share a secret. This secret, which 
will be digitised, is the choice of the identity element which is known only to A and B and 
which can be any point of the curve C. The choice of this identity point determines the 
group operation. The unknown identity of the identity point then makes the task of an 
eavesdropper that much more difficult. 

In Section [HI some new and purely geometrical applications of cubic curves over finite 
fields are discussed. 



2 Projective plane curves 

Let K be any field and let K be its the algebraic closure. Let F{X, Y, Z) be a form, that 
is, a homogeneous polynomial in K[X, Y, Z]. The graph of this form, 

C = {{x : y : z) eP\K) \ F{x,y,z) = 0}, 

is a curve in the projective plane P'^{K). The curve is irreducible if F{X,Y, Z) does not 
factor in ¥[X,y,Z]. 

A point P lying on a curve is a singular point of the curve if there is more than one 
tangent line to the curve through P, [6|, Section 1.3]. If no such point exists in P'^{K), 
that is, if there is a unique tangent line at each point of the curve considered over K, then 
the curve is non-singular. This means that, working over the algebraic closure of K, it is 
impossible to find a point P on C such that the three partial derivatives of F with respect 
to X, Y, Z are all zero at P. If a curve C in P^(fC) has a singular point in P^(i^) then the 
curve C is singular. 



Geometrically, the non-singularity of C means that it has no node or cusp or isolated 
double point; so there is a unique tangent line to the curve at every point P. 

3 Inflexion points 

A point of inflexion P of a curve is one for which the tangent at P has triple contact with 
the curve, [^1 Section 1.3]. Thus, in particular, the tangent line at an inflexion P of a cubic 
curve has no other point in common with the curve. 

The condition that the tangent line at P has triple contact with the curve is expressed 
algebraically by the requirement that 

P(X, Y, Z) = f{X, Y, Z) ■ g{X, Y, Z) + (aX + bY + cZfh{X, Y, Z), 

where 

(i) f{X, Y, Z) is the linear form defining the tangent line at P, 

(ii) g{X, Y, Z) is some form of degree n — 1, 

(iii) h{X, Y, Z) is a form of degree n — 3, 

(iv) aX + bY + cZ is some linear form vanishing at P, 

(v) n is the degree of the form F. 

For cubic curves. Points of inflexion are considered in relation to the group structure 
in Section m 

Over any field, the line joining any two inflexions meets the cubic in a third inflexion. 
To see this result the following Theorem of the Nine Associated Points is used. 

Theorem 3.1. Let S be an irreducible cubic curve defined over K by E and suppose that 
T> and T>' are any two other cubic curves defined over K by the forms D and D' . If 

S-V = Pi + P2 + --- + P9, 
S-V = Pi+P2 + --- + P8 + P, 

then R = Pg. 

Proof Here, the classical proof is given in the case that the P, are distinct. The general 
proof follows from Noether's Theorem; see Fulton [H Section 5.6] or [6, Section 4.5]. The 
general cubic form F{X, Y, Z) has 10 coefficients. The 8 equations E{Pi) = for i = 
1, 2, . . . , 8 impose 8 linearly independent conditions on the form E. So there is a pencil 
of cubics which pass through the 8 points Pi, P2, . . . , Ps. Hence D' = aE + PD for some 
a,l3 eK. Since E{Pg) = D{Pg) = 0, so D'{Pg) = 0. Therefore P = Pg. D 



Theorem 3.2. Let C be a cubic defined over K . IfPi,P2 are two distinct inflexion points 
ofC lying in P'^{K), and the line i = P1P2 meets C again in P3, then P3 is also an inflexion 
point ofC. 

Proof Let ii be the tangent hne to C at the point Pi, i = 1,2, 3, and let C ■ £3 = 2P3 + R. 
Define two cubics V = d.^ and T>' = £i£2^3- Then 

C-V = 3P1 + 3P2 + 3P3, 
C-V = 3Pi + 3P2 + 2P3 + p. 

So, by the previous theorem, R = P3; that is, C ■ £3 = 3P3 and thus P3 is an infiexion point 
ofC. D 

Given a form F{x, y, z) of degree n, its Hessian Ti is defined as the curve given by the 
form H that is the determinant of the second-order partial derivatives of F: 



H 



Fxx FxY Fxz 
Fyx Fyy Fyz 
Fzx FzY Fzz 



Thus the Hessian is a curve of degree 3(r2 — 2). 

Theorem 3.3. Suppose F{X, Y, Z) G K[X, Y, Z] is a form of degree n and that 2{n — 1) is 
invertible in K . A non- singular point P lying on the curve C defined by F is an inflexion 
point of C if and only if its Hessian form H vanishes at P. 

Remark 3.4. If 2{n— 1) is not invertible in K then H is identically zero. For an appropriate 

treatment in this case, see P, Section 11.2]. 

Suppose now that C is a non-singular cubic curve. Then its Hessian "H is also a cubic. 
Bezout's Theorem shows that, over an algebraically closed field of characteristic different 
from 2 and 3, there are, in general, 9 inflexion points of C. 

Over the fleld of complex numbers these nine points form a famous conflguration, 
namely the 9 points of AG(2,3), the afline plane of order 3. Classically this (94,123) 
conflguration of 9 points and 12 lines, with 4 lines through a point and 3 points on a line, is 
called the Hesse Conflguration. Over a flnite fleld K = Yq there are 0, 1, 3 or 9 inflexions. 
In the case of 9 inflexions, the 9 points again form a copy of AG(2,3) embedded in the 
projective plane PG(2,g). 

Theorem 3.5. The number of rational inflexions of a non-singular cubic over Fg is 0, 1, 3, 
or 9. The possibilities are as follows: 



g = (mod 3) : 


0, 1, 3; 


q = 2 (mod 3) : 


0, 1, 3; 


g = 1 (mod 3) : 


0, 1, 3, 9 



In the case that q = I (mod 3), by a suitable choice of coordinates, the configuration 
of 9 points always has the following form /Cg, where w is a primitive cube root of unity in 
K: 

i-co', 0, 1), (1, -1, 0), (1, -co, 0), (1, -co', 0)} (3.1) 

This set /Cg is a Hessian configuration for the non-singular cubic with form 

F = X^ + Y^ + Z'- ScXYZ, 

with c any element such that c^ ^ 1. When g = 4, take c = 0; then /Cg is the set of rational 
points of the Hermitian curve with form 

XX + YY + ZZ, 

where T = T^ = T'. 

For further illumination on inflexions of a cubic, including the singular ones, see [51 
Chapter 11]. 

The advent of elliptic curve cryptography has aroused considerable interest in elliptic 
curves over Fg. The main idea involves a key-exchange between two communicating parties, 
similar to the Diffie-Hellman protocol. There is a publicly prescribed elliptic curve over 
some finite field, with associated group G that may be taken to be cyclic, with generator 
P. Communicating parties A, B choose their secret positive numbers a, /3. Then A openly 
transmits the point aP, that is, P added to itself a times, to B. Also, B transmits /3P in 
the open to A. Now, A calculates a{pP) and B calculates P{aP). The upshot is that A 
and B are now in possession of a common secret key aPP = PaP. Security rests on the 
unproved assumption that, given mP, it is not possible to calculate m in a 'reasonable' 
amount of time. The commercialisation of this key-exchange has led to an intensive study 
of elliptic curves over a finite field. 

4 The group law on a cubic 

Let C be an irreducible cubic curve in P^(/C), and consider only the rational points of C, 
that is, those lying over K; denote this set by C{K). If C is singular with singularity Pq, 
let C{Ky = C{K)\{Po}. When C is non-singular, write C{Ky = C{K). 

If P, Q are points of C{Ky then define P * Q to be the third intersection of the line 
PQ with C. In particular, when Q = P, the line PQ is the tangent at P and P * P = Pt is 
the tangential of P. If P is an infiexion then Pt = P. 

Now choose any point O of C{Ky as the identity point for the group operation. Then 
an operation © is defined on C{Ky as follows: 

P®Q = {P*Q)*0. (4.1) 




p*g 



Figure 1: Abelian group law on an elliptic curve 

The negative of © is written — . 

Let the tangential Ot at O be denoted by A^. 

Theorem 4.1. (i) The points of C{Ky form a group G with identity O under the oper- 
ation ©. 

(ii) -N = N. 

(iii) Three points P, Q, R of C{Ky are collinear if and only ifP®Q®R = N. 

(iv) // O is an inflexion, then three points P, Q, R of C{Ky are collinear if and only if 
P®Q®R = 0. 

If the characteristic of K is not 2 or 3, then, as in Theorem I6.4[ C may be given by 
the form F = Y^Z - X^ - cXZ^ - dZ^. 

With the identity point O = (0 : 1 : 0) the group law may be expressed algebraically 
as follows. With P = {xi : yi : 1) and Q = {x2 : y2 '■ ^) , 



(0:1: 0), if Xi = X2 and yi 7^ 1/2, 

(7^ — Xi — 0:2 : —7'^ + 27x1 + 7x2 — 2/1 : 1), otherwise, 



P®Q-\ U.2 ^ ^ . .,3 



where 

\3xl + a/{2yi), ifa;i = X2, 

'y = < 

[{y2-yi)/{x2-xi), if xi 7^x2; 

see [21 Section 6.6]. 

Part (iii) of Theorem 14.11 can be generalised to curves of higher degree. 

Theorem 4.2. (i) The six distinct points P, Q, R, S, T, U of C{Ky lie on a conic if and 
only ifP®Q®R®S®T®U = 2N. 
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(ii) A set of 3m points Pi, P2, . . . , Psm of C{Ky lie on a curve of order m if and only if 

For cubics, geometric results have algebraic counterparts. Here is a sample from [7], 
originally for the complex numbers, but applicable over any field. 



Geometric formulation 


Group-theoretic formulation 


P and Q have the same tangential 


2P = 2Q or 2(P - Q) = 


There exist four tangents from P 


2X (B P = N has four solutions 


P is a inflexion 


3P = N 


C has 9 inflexions 


3P = N has nine solutions 


If P and Q are inflexions then 
R = P * Q is another inflexion; 
ii P^Q then R^ P,Q 


If 3P = A^ and 3Q = N, then 
P®Q®R = N implies 3P = A^ 



The calculations become more familiar, but not less complicated, if the point O is 
in fact an inflexion point. It is important to note that all different choices for O yield 
isomorphic groups. 



5 Classification of singular cubics 

An irreducible cubic C over K with a singular point Pq has 2, 1 or tangents lying over K 
at Pq, which is correspondingly a node, cusp or isolated double point. Let A/7 indicate an 
irreducible singular cubic over Fg with i rational inflexions and j distinct rational tangents 
at the singularity; here, 'rational' means 'over K\ 

When the characteristic of i^ is 3, there is one cubic C = M^ of particular note. It 
has the associated canonical form F = ZY^ — X^ and every point of A/? in P^(fC) other 
than the singular point Pq = (0 : : 1) is an inflexion. 

Theorem 5.1. (i) For an irreducible singular plane cubic curve C over Fg, with C 7^ f/g , 

(a) there are 3 collinear inflexions over K; 

(b) the inflexions are rational or lie over a quadratic extension or a cubic extension. 

(ii) For any q there are precisely four protectively distinct singular cubics. 



In Table HI canonical forms are given in the cases of a node and a cusp including M^. 
For the canonical forms in the case of an isolated double point, see [5l Section 11.4]. 

Table 1: Canonical forms for singular cubics 



Symbol 


q = m (mod 12) 
m 


Form 


Ml 


3,9,2,8,5,11 


XYZ -X^-Y^ 


Mi 


4,1,7 


XY-X^- Y' 


A/? 


4,1,7 


XYZ -X^-aY^, a non-cube 


M^ 


3,9 


ZY^ - X^Y - X' 


K' 


3,9 


ZY^ - X' 


Afl 


2,8,4,1,5,7,11 


ZY^ - X' 



There is a nice combinatorial/geometric characterisation of singular cubics due to 
Tallini Scafati [11]. See also O Section 12.8]. 

Theorem 5.2. Let K, be a set of k points in PG(2,g), with q odd, q > 11, and with no 4 
points of IC collinear. If IC contains 4 points P, Pi, P2, P3 such that 

(i) there is no line through P intersecting IC in 3 points, 

(ii) any conic through P and one of the Pi meets /C in at most 3 other points, 

(iii) fc>g-^yg+f, 

then /C is contained in a rational cubic with a double point at P. 

Due to later results, see O Sections 10.4, 10.5] the lower bound in (iii) in this theorem 
can be improved. 

6 Classification of non-singular cubics 

The following result from Section |3] is recalled. 

Theorem 6.1. IfC is a non-singular cubic curve defined over K then C has exactly 0, 1, 3 
or 9 inflexion points in P'^{K). 



6.1 Non-singular cubics with nine rational inflexions 

Theorem 6.2. A non-singular cubic C with form F and nine rational inflexions exists over 
Fq if and only if q = 1 (mod 3), and then F has canonical form 

F = X^ + Y^ + Z^- ScXYZ. 

The nine inflexions are those given in (13.11) . 

6.2 Non-singular cubics with three rational inflexions 

Theorem 6.3. A non-singular cubic C with form F and three rational inflexions exists 
over Fq for all q. The inflexions are necessarily collinear. 

(i) // the inflexional tangents are concurrent, the canonical forms are as follows: 

(a) g = 0,2 (mod 3), 

F = XY{X + Y) + Z^; 

(b) q = I (mod 3), 

F = XY{X + Y) + Z'\ 
F = XY{X + Y) + aZ^, 
F = XY{X + Y) + a'^Z\ 

where a is a primitive element of Fq . 

(ii) If the inflexional tangents are non- concurrent, the canonical form is as follows: 

F = XYZ + e{X + Y + Zf, 

e^ 0,-1/27. 

In case (i), the inflexions are 

(1:0:0), (0:1:0), (1:-1;0); 

in case (ii), the inflexions are 

(0:1:-1), (1:0: -1), (1 : -1 : 0). 



6.3 Non-singular cubics with one rational inflexion 

For q = 2^, the trace of an element a; G F^ is 



/ \ 2 4 2^~^ 

T[X) = X + X + X + ■ ■ ■ + X 



Theorem 6.4. A non- singular, plane, cubic curve defined over Fq, q = p^, with at least 
one inflexion has one of the following canonical forms F. 



F = Y^Z -X^ - cXZ^ - dZ% 



F = Y^Z - X^ - bX^Z - dZ^ 



F' = Y^Z -X^ - cXZ^ - dZ^ 



(i) Py^2,3, 

where 4c^ + 27d^ ^ 0. 
(ii) p = 3, 
(a) 

where bd j^ 0; 
(b) 

where c 7^ 0. 
(hi) p = 2. 



F = Y^Z + XYZ + X^ + bX^Z + dZ'\ 

where 6 = or a fixed element of trace 1, and c 7^ 0; 

(b) 

F = Y^Z + YZ^ + eX^ + cXZ^ + dZ^, 

where e = 1 when q = 0,2 (mod 3) and e = l,a, o? when g = 1 (mod 3), with 
a a primitive element ofFq] also, d = or a given element of trace 1. 

A complete discussion and classification of cubic curves over finite fields may be found 
in [5]. 

6.4 Non-singular cubics with no rational inflexions 

Theorem 6.5. A non-singular, plane, cubic curve defined overFq, q = p^, with no rational 
inflexion has one of the following canonical forms F. 
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(i) g = 2 (mod 3), 

F = Z^ - 3c(X2 - dXY + Y^)Z - [X^ - SXF^ + dY^), 

where T^ — 3T + d is irreducible. 

(ii) g = 1 (mod 3), 

(a) 

F = X'^ + aY'^ + c?Z'^ - 'icXYZ, 

with a a primitive element of Fg . 

(b) 



F = XY"^ + X'^Z + eYZ^ - c(X^ + eY'^ + e^Z^ - 3eXrZ), 
with a a primitive element of = Fg and e = a, o? . 

(ii) g = (mod 3), 

F = X^ + y3 + cZ^ + dX'^Z + dXr^ + d^X^ + dYZ'^, 

where c ^ 1 and T^ + dT — 1 is a fixed irreducible polynomial. 

7 Number of rational points on a cubic 

With Ni the number of rational points on a curve J-", consider the case that J-" is a non- 
singular plane cubic C. The Hasse bound states that 

q+l~2y^<Ni<q + l + 2y/^. (7.1) 

The next result shows what values in the range actually occur. For any integer M 
and any prime divisor i, let ve{M) be the highest power of i dividing M; that is, ]^^£^**^*^) 
is the prime decomposition of M. 

Theorem 7.1. There exists a non-singular plane cubic over Fq, q = p^, with precisely 
Ni = q + 1 — t rational points^ where \t\ < 2y^, in the cases listed in Table\^ Below, Gq 
is the corresponding group formed by the points of the cubic. 

(1) Gc = Z/(p''^(^^)) X n.^p(Z/(r^) X Z/{t^)), 
with ri + se = Vi{Ni) and min(r£, s^) < Ve{q — 1); 

(2) rZ/(g + l) /org^-1 (mod4), 

;3) ^^ - \ Z/(c 

(4) Gc = Z/(XO 



(3) ^^ 1 Z/(g + l) or Z/(2) X Z/((g+l)/2) for q = -1 {mod 4); 
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Table 2: Values of t 





t 


P 


h 


(1) 


t ^ (mod p) 






(2) 


t = 




odd 


(3) 


t = 


p^l (mod 4) 


even 


(4) 


t = ±VQ 


p ^ 1 (mod 3) 


even 


(5) 


t = ±2^ 




even 


(6) 


t = ±v^ 


p = 2 


odd 


(7) 


t = ±v/3g 


p = 3 


odd 



(5) Gc = Z/(v^) X Z/(v/iVi), N, = (yg ± 1)2; 

(6) Gc = Z/(iVi); 

(7) Gc = Z/(iVi). 

The range of t is due to Waterhouse p^ and the corresponding groups independently 
to Riick ^ and Voloch [13j . 

Let Nq{l) denote the maximum number of rational points on any non-singular cubic 
over Fq and Lq{l) the minimum number. The prime power q = p^ is exceptional if h is odd, 
h > 3, and p divides [2^J . 

Corollary 7.2. The bounds Nq{l) and Lq{l) are as follows: 

(i) A^ d) = I ^^ L2v/^J' */<? ^s exceptional 

'^ (^ q + I + [2y/q\, if q is non- exceptional] 



(•■\ T (^\ — ^ q + 2— [2y/q\, if q is exceptional 
"^ [^ g + 1 — [2^ygJ, if q is non-excepti 



g + 1 — [2^ygJ, if q is non- exceptional. 

Corollary 7.3. The number Ni takes every value between q + 1— [2y/q\ and q + l+ [2y/q\ 
if and only if (a) g = p or (b) q = p"^ with p = 2 or p = 3 or p = 11 (mod 12). 

Remark 7.4. The only exceptional g < 1000 is g = 128. 

Theorem 7.5. The number of points Ni on a non-singular cubic, for which the number n 
of rational inflexions is n = 0, 1, 3, 9, satisfies the following: 

(i) lfn = 0, then Ni = (mod 3); 
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(ii) Ifn = l, then Ni = ±1 (mod 3); 
(iii) Ifn = 3, then Ni = (mod 3); 

(iv) //n = 9, then Ni = (mod 9). 

Let Aq be the total number of isomorphism classes and Pg the total number of pro- 
jective equivalence classes. Also, n, for i = 0, 1, 3, 9 is the number of projective equivalence 
classes with exactly i rational inflexions. Hence 

Ag = ng + ns + ni, Pg = Ug + n^ + Ui + Uq. 

Theorem 7.6. (i) A^ = 2g + 3 + ( — J + 2 ( ^ 



Here, the following Legendre-Jacobi symbols are used: 

_4X I ^ ifc=l (mod 4), 



^/c = (mod 2), 
' if c = —1 (mod 4); 




o\ [1 ifc=l (mod 3), 

if c = (mod 3), 
^ if c = —1 (mod 3). 

The number of inequivalent types of cubic with a fixed number of rational points can 
also be given. Let Aq{t) and Pq{t) be the number of inequivalent non-singular cubics with 
exactly q + 1 — t rational points under isomorphism and projective equivalence. So 

Aq = J2Mt), P, = Y.P,{t). 

t t 

The values of Aq{t) and -Pg(t), due to Schoof [H], are also given in O Section 11.11]. 

8 Some new applications in finite geometries 

Much of finite geometries is concerned with maximal sets of points in PG(2,g) obeying 
various geometrical conditions: such sets are often of considerable interest also in algebraic 
coding theory. For example, a key result in the theory of MDS codes has as its foundation 
a famous theorem of the late B. Segre. This result asserts that, for q odd, a set of points 
with no 3 coUinear has size at most g -(- 1 with equality if and only if the set is the point 
set of a non-degenerate conic. 

The next result, found independently by A. Zirilli and P.M. Neumann, see [2], is 
usually phrased using elliptic curves, that is, non-singular cubic curves with an inflexion 
point. However, as is seen below, this assumption is not necessary. 
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Table 3: Number of inequivalent cubics 



q = m (mod 12) 
m 


ng 


ns 


ni 


no 


A, 


n 


3 





q-1 


q + 3 


q-1 


2q + 2 


3g + l 


9 





q-1 


g + 5 


q-1 


2g + 4 


3g + 3 


2,8 





q-1 


g + 2 


q-1 


2g + l 


3g 


4 


i^(? + 8) 


|(2g + 4) 


\{5q + l2) 


q + 1 


2g + 5 


3g + 6 


1 


3^(g+ll) 


|(2g + 4) 


i(5g + 15) 


q + 1 


2g + 6 


3g + 7 


7 


i^(? + 5) 


|(2g + 4) 


i(5g + 9) 


q + 1 


2g + 4 


3g + 5 


5 





q-1 


g + 3 


q-1 


2g + 2 


3g + l 
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q-1 


g + 1 


q-1 


2g 


3g-l 



Theorem 8.1. If a non-singular cubic curve C has an even number k of rational points, 
then there exists a set S of k/2 points of C with no three collinear. 

Proof Let G be the abehan group obtained from C, using the general construction of 
Section H] and the notation there. Then, from Theorem 14.11 three points on C are collinear 
if and only if they add up to A^. Let H be the subgroup of index 2 in G. There is another 
coset i^ of if in G so that G is the disjoint union of H and K. There are two cases: 

(i) A^ lies in H; 
(ii) A^ lies in K. 

In case (i), take S to be the set K. Suppose that P, Q, R are in K. Then P ®Q must 
be in H so that P ®Q ® R must be in K. In particular, P (BQ ® R cannot be equal to A^, 
which is in H. Therefore 5 is a set of k/2 points with no 3 collinear. 

In case (ii), take S to be the set H. Let P, Q, R be any 3 points of S. Since if is a 
subgroup, P © Q © -R is in if . In particular, P ® Q ® R cannot equal A^ since A^ is in K. 
Thus 5 is a set of k/2 points, with no 3 collinear. D 

Remark 8.2. It is possible that such sets S are not maximal when considered as sets of 
points in PG(2, q) with no 3 collinear. 

So far, sets of points with no three collinear have been considered. As any two points 
define a unique line, the next step is to try to find a result analogous to Theorem 18.11 for 
higher degree curves. 

Theorem 18.11 can be generalised as follows. 
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Theorem 8.3. Let C be a non-singular cubic curve in PG(2,g) containing exactly n points 
and with a cyclic group structure. Suppose the integer r divides n. Then there exists a set 
S of n/r points on C satisfying the following condition: no 3k points of S lie on any curve 
of degree k other than C whenever 1 < k < \r/3] . 

Proof The group G has a subgroup H of order n/r and index r. The cosets of H are 
denoted by if = if o, iii, ii2, • • • -f^r-i, where H^ © Hj = Hi+j (mod r)- 

Let Hj be the coset containing the point N. Take S = Hi where i is to be determined. 
Choose any 3k points Pi, P2, . . . , Psk in S. Their sum hes in the coset 3kHi = H^^ (mod r)- 
Using Theorem 14.2^ S has the desired property if the sum of these 3k points is always 
different from kN . This will follow from showing that the cosets ifa^j (mod r) and H]^j (mod r) 
are unequal; that is /c(3z — j) ^ (mod r). 

There are three cases to consider: 

(i) 3 does not divide r; 
(ii) 3 divides r but 3 does not divide j; 
(iii) 3 divides both r and j. 

In case (i), 3 does not divide r. Then 3 has a multiplicative inverse u modulo r. Put 
i = Mj -|-u. Then 3z — j = 1 (mod r). Thus, if A;(3i — j) = (mod r), then fc = (mod r). 
The hypotheses imply that 0<A;<r. So S = Hi has the desired property. 

In case (ii), if j = 2 (mod 3) then put i = {j + l)/3. If j = 1 (mod 3) then put 
i = {j ~ l)/3. Thus 3i — j is either 1 or —1 modulo r. Hence, if k{3i — j) = (mod r), 
then k = (mod r). As in case (i), this implies that S has the required property. 

In case (iii), put i = j/3 + 1. Then 3i — j = 3. If k{3i — j) = (mod r) then 3k = 
(mod r). But this contradicts the assumed bounds on k. Again this implies that S has the 
desired property. D 

Remark 8.4. In this proof, only the fact that G/H is cyclic is used. Strictly speaking, the 
assumption that G is cyclic can weakened to merely assuming that G/H is cyclic. 

Remark 8.5. In the statement of the theorem, the restriction that k < [r/3] is only 
required in case (iii). In the other two cases, it is sufficient to assume that k < r. 

Remark 8.6. Concerning the sets constructed in Theorem 18. ![ Voloch [12] has shown that, 
in many cases, they cannot be extended to larger sets with no 3 points coUinear. In [1], it 
is shown that these results of Voloch can be strengthened and generalised. 

The research of the first author is supported by grants from NSERC. The research of 
the third author is supported by grants from ARP and NSERC. 
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